Abuse may be from humans being a nuisance or malicious, or from SPAMbots creating unwanted activity and site pollution.

Although a notoriously difficult issue to address other than through moderation there are some configurable mechanisms available that attempt to minimise the possibility of site abuse and DOS.  All apply to Reader Comment and some to Reader Feedback and to Reader Form.

VWcms, not being a LAMP style application, probably has some immunity due to the relative obscurity of its interface.  However 'bots have had a lot of development time invested in them and are highly sophisticated applications.  There has been at least a couple of instances of probable SPAMbot activity on the VWcms comment interface!  (Though it's difficult to tell human from SPAMbot, and from human-assisted SPAMbot.)

User Agent

VWcms comment files store the request user-agent string.  These can be examined to determine if a 'bot has some identifying agent string characteristic and excluded from site access using the [reject-agent] configuration directive.

This site may be of some assistance

http://www.botsvsbrowsers.com/

Text Strings

The comment or feedback (email) text can be examined for specific strings and rejected if present.  There are two variants with this.

[comment-reject-string]	This directive accepts strings, one per line.  These strings are literals and may contain white-space.  If they are found in the text the comment/feedback is rejected.
[comment-reject-word]	This directive accepts a series of white-space delimitted 'words'.  The comment/feedback text is processed to eliminate all non-alphabetic characters (to reduce obfuscation) and then these words are searched for in the text.  If found the comment/feedback is rejected.

Ticket to Comment

A ticket is a unique string, provided by VWcms, which must be included in the comment/feedback text by the user.  When a comment/feedback page contains a $$TICKET$$ directive VWcms requires the specified ticket in the comment/feedback text or it will be rejected.  This is an attempt to defeat SPAMbot automation.

See Using Tickets.

Maximum Comment Size

Configuration directive [comment-max-chars] sets the maximum size of any single comment in bytes.

Maximum File Size

The total comment file size in kilobytes can be set using directive [comment-max-size].  (Reader comment only.)

Minimum Interval

Directive [comment-min-interval] sets the minimum interval in seconds between successive posts from the one host IP address.  (Reader comment only.)

Host Maximum

The maximum number of postings against any individual comment from any single host can be set using the [comment-host-max] directive.  (Reader comment only.)